Lucene search
K

55 matches found

Tenable Nessus
Tenable Nessus
added 2017/09/20 12:0 a.m.40 views

Fedora 25 : ruby (2017-e136d63c99)

Fix ANSI escape sequence vulnerability CVE-2017-0899. - Fix DoS vulnerability in the query command CVE-2017-0900. - Fix a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. - Fix DNS request hijacking vulnerability CVE-2017-0902. - Fix...

9.8CVSS7.1AI score0.29442EPSS
Exploits6References6
FreeBSD
FreeBSD
added 2017/08/29 12:0 a.m.22 views

rubygems -- multiple vulnerabilities

Official blog of RubyGems reports: The following vulnerabilities have been reported: a DNS request hijacking vulnerability, an ANSI escape sequence vulnerability, a DoS vulnerability in the query command, and a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary...

1.2AI score
Exploits0References1
Hacker One
Hacker One
added 2017/04/02 5:31 p.m.55 views

RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier

Description: The RubyGems client supports a gem server API discovery functionality, which is used when pushing or pulling gems to a gem distribution/hosting server, like RubyGems.org. This functionality is provided via a SRV DNS request to the users gem source hostname prepended with...

6.8CVSS0.2AI score0.08934EPSS
Exploits1
Packet Storm
Packet Storm
added 2016/06/17 12:0 a.m.90 views

SAP NetWeaver AS JAVA 7.5 Cross Site Scripting

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn Vardanyan ERPScan...

4.3CVSS0.3AI score0.01611EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2015/05/18 12:0 a.m.32 views

FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)

Jonathan Claudius reports : RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record rubygems.tcp under the original requested domain. RubyGems did not...

5CVSS7.5AI score0.08934EPSS
Exploits0References4
Hacker One
Hacker One
added 2015/05/06 12:0 a.m.35 views

RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356...

5CVSS8.1AI score0.08934EPSS
Exploits0
erpscan
erpscan
added 2015/01/09 12:0 a.m.18 views

SAP NetWeaver 7.4 (MDT component) - XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4 Vendor URL: http://www.sap.com Bugs: XSS Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...

0.2AI score
Exploits0
Prion
Prion
added 2015/01/03 11:59 a.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that 1 create categories via a data array to news/saveCategories or 2 modify credentials via a data array to admin/saveUser...

6.8CVSS7.8AI score0.0106EPSS
Exploits1References1Affected Software1
ThreatPost
ThreatPost
added 2013/10/30 11:54 a.m.12 views

HTTP Request Hijacking Attacks Threaten Mobile Apps

Thousands of mobile apps developed for the Apple iOS platform can be forced to display phony, even malicious content, because of a vulnerability that allows an attacker to redirect traffic to a third-party site and persistently serve content from that location. Researchers from Israeli mobile...

6.5AI score
Exploits0References2
The Hacker News
The Hacker News
added 2013/10/30 7:51 a.m.17 views

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps, that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2013/10/29 8:51 p.m.19 views

iOS apps vulnerable to HTTP Request Hijacking attacks over WiFi

Security researchers Adi Sharabani and Yair Amit have disclosed details about a widespread vulnerability in iOS apps, that could allow hackers to force the apps to send and receive data from the hackers' own servers rather than the legitimate ones they were coded to connect to. Speaking about the...

6.6AI score
Exploits0
Packet Storm
Packet Storm
added 2013/06/26 12:0 a.m.29 views

PHP Charts 1.0 Remote Code Execution

!/usr/bin/python Original Advisory came from: http://packetstormsecurity.com/files/119582/PHP-Charts-1.0-Code-Execution.html infodox - insecurety.net import requests import random import threading import sys def genpayloadhost, port: """ Perl Reverse Shell Generator """ load = """perl -e 'use...

Exploits0
UbuntuCve
UbuntuCve
added 2012/09/05 11:55 p.m.26 views

CVE-2012-4393

Multiple cross-site request forgery CSRF vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use 1 addBookmark.php, 2 delBookmark.php, or 3 editBookmark.php in bookmarks/ajax/; 4 calendar/delete.php, 5 calendar/edit.php...

6.8CVSS5.9AI score0.01097EPSS
Exploits1References2
Prion
Prion
added 2010/09/24 7:0 p.m.17 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in loader/DocumentThreadableLoader.cpp in WebCore in WebKit before r57041, as used in Google Chrome before 4.1.249.1059, allows remote attackers to hijack the authentication of unspecified victims via a crafted synchronous preflight XMLHttpRequest...

6.8CVSS6.6AI score0.00958EPSS
Exploits0References17Affected Software1
CERT
CERT
added 2005/02/04 12:0 a.m.68 views

Single crafted HTTP request may result in multiple responses

Overview Some HTTP handling devices are vulnerable to a flaw which may allow a specially crafted request to elicit multiple responses, some of which may be controlled by the attacker. These attacks may result in cache poisoning, information leakage, cross-site scripting, and other outcomes...

4.3CVSS3.2AI score0.29784EPSS
Exploits4References4
Rows per page
Query Builder